@kya-os/mcp-i-cloudflare 1.5.10-canary.8 → 1.6.0

package/dist/services/consent-audit.service.js

@@ -0,0 +1,243 @@
+/**
+ * Consent Audit Service
+ *
+ * Handles audit logging for consent-related events.
+ * These events bypass session deduplication to allow multiple events per session.
+ */
+export class ConsentAuditService {
+    proofService;
+    auditLogger;
+    proofGenerator;
+    config;
+    runtime;
+    logger = {
+        error: (message, meta) => {
+            console.error(`[ConsentAuditService] ${message}`, meta);
+            // TODO: Send to error tracking service
+        },
+    };
+    constructor(proofService, auditLogger, proofGenerator, config, runtime // REQUIRED for identity
+    ) {
+        this.proofService = proofService;
+        this.auditLogger = auditLogger;
+        this.proofGenerator = proofGenerator;
+        this.config = config;
+        this.runtime = runtime;
+    }
+    /**
+     * Create a minimal SessionContext for audit logging
+     * Only sessionId and audience are used by logEvent, but TypeScript requires full SessionContext
+     */
+    createSessionContext(sessionId) {
+        const now = Math.floor(Date.now() / 1000);
+        // Audience is typically from the handshake, but for consent events we use a default
+        const audience = "https://kya.vouched.id";
+        return {
+            sessionId,
+            audience,
+            nonce: "", // Not used by logEvent, but required by type
+            timestamp: now,
+            createdAt: now,
+            lastActivity: now,
+            ttlMinutes: 30,
+        };
+    }
+    /**
+     * Log consent page view event
+     */
+    async logConsentPageView(event) {
+        const timestamp = Math.floor(Date.now() / 1000); // Unix timestamp in seconds
+        const identity = await this.getServerIdentity();
+        // Log to audit system (bypasses session deduplication)
+        await this.auditLogger.logEvent({
+            eventType: "consent:page_viewed",
+            identity,
+            session: this.createSessionContext(event.sessionId),
+            eventData: event,
+        });
+        // Generate proof for dashboard
+        const proof = await this.generateConsentProof("consent:page_viewed", event, timestamp);
+        await this.proofService.submitProof(proof, {
+            session: { id: event.sessionId },
+            consentEvent: {
+                eventType: "consent:page_viewed",
+                timestamp,
+                sessionId: event.sessionId,
+                agentDid: event.agentDid,
+                targetTools: event.targetTools,
+                scopes: event.scopes,
+                projectId: event.projectId,
+            },
+        });
+    }
+    /**
+     * Log consent approval event
+     */
+    async logConsentApproval(event) {
+        const timestamp = Math.floor(Date.now() / 1000); // Unix timestamp in seconds
+        const identity = await this.getServerIdentity();
+        // Log to audit system
+        await this.auditLogger.logEvent({
+            eventType: "consent:approved",
+            identity,
+            session: this.createSessionContext(event.sessionId),
+            eventData: event,
+        });
+        // Generate proof
+        const proof = await this.generateConsentProof("consent:approved", event, timestamp);
+        await this.proofService.submitProof(proof, {
+            session: { id: event.sessionId },
+            consentEvent: {
+                eventType: "consent:approved",
+                timestamp,
+                sessionId: event.sessionId,
+                userDid: event.userDid,
+                agentDid: event.agentDid,
+                targetTools: event.targetTools,
+                scopes: event.scopes,
+                delegationId: event.delegationId,
+                projectId: event.projectId,
+                termsAccepted: event.termsAccepted,
+                oauthIdentity: event.oauthIdentity,
+            },
+        });
+    }
+    /**
+     * Log when user needs credentials before delegation
+     */
+    async logCredentialRequired(event) {
+        const timestamp = Math.floor(Date.now() / 1000); // Unix timestamp in seconds
+        const identity = await this.getServerIdentity();
+        // Log to audit system
+        await this.auditLogger.logEvent({
+            eventType: "consent:credential_required",
+            identity,
+            session: this.createSessionContext(event.sessionId),
+            eventData: event,
+        });
+        // Generate proof
+        const proof = await this.generateConsentProof("consent:credential_required", event, timestamp);
+        await this.proofService.submitProof(proof, {
+            session: { id: event.sessionId },
+            consentEvent: {
+                eventType: "consent:credential_required",
+                timestamp,
+                sessionId: event.sessionId,
+                agentDid: event.agentDid,
+                targetTools: event.targetTools,
+                scopes: event.scopes,
+                projectId: event.projectId,
+                credentialStatus: "required",
+                oauthIdentity: event.oauthProvider
+                    ? {
+                        provider: event.oauthProvider,
+                        identifier: "",
+                    }
+                    : undefined,
+            },
+        });
+    }
+    /**
+     * Log delegation creation
+     */
+    async logDelegationCreated(event) {
+        const timestamp = Math.floor(Date.now() / 1000); // Unix timestamp in seconds
+        const identity = await this.getServerIdentity();
+        // Log to audit system
+        await this.auditLogger.logEvent({
+            eventType: "consent:delegation_created",
+            identity,
+            session: this.createSessionContext(event.sessionId),
+            eventData: event,
+        });
+        // Generate proof
+        const proof = await this.generateConsentProof("consent:delegation_created", event, timestamp);
+        await this.proofService.submitProof(proof, {
+            session: { id: event.sessionId },
+            consentEvent: {
+                eventType: "consent:delegation_created",
+                timestamp,
+                sessionId: event.sessionId,
+                delegationId: event.delegationId,
+                agentDid: event.agentDid,
+                userDid: event.userDid,
+                targetTools: event.targetTools,
+                scopes: event.scopes,
+                projectId: event.projectId,
+            },
+        });
+    }
+    /**
+     * Generate proof for consent event
+     *
+     * IMPORTANT: Consent events use synthetic canonical request/response forms
+     * since they represent system events, not actual HTTP requests. The MCP-I
+     * proof spec allows synthetic forms for system-generated events that don't
+     * correspond to actual HTTP requests.
+     *
+     * ✅ FIXED: Added nonce generation, fixed SessionContext structure
+     */
+    async generateConsentProof(eventType, event, timestamp) {
+        const identity = await this.getServerIdentity();
+        // ✅ CRITICAL: Generate nonce for this session (REQUIRED by SessionContext)
+        const nonce = await this.runtime.issueNonce(event.sessionId);
+        // Synthetic canonical forms for consent events
+        // Use ToolRequest/ToolResponse format expected by CloudflareProofGenerator
+        const canonicalRequest = {
+            method: "POST",
+            params: {
+                eventType,
+                timestamp,
+                ...event,
+            },
+        };
+        const canonicalResponse = {
+            data: {
+                success: true,
+                eventType,
+                timestamp,
+                serverDid: identity.did,
+            },
+        };
+        // ✅ FIXED: Build SessionContext with all required fields
+        // ✅ FIXED: Remove agentDid and clientDid from SessionContext (not part of spec)
+        // ✅ FIXED: Move clientDid to ProofOptions
+        const now = Math.floor(Date.now() / 1000);
+        const sessionContext = {
+            sessionId: event.sessionId,
+            nonce, // ✅ REQUIRED - was missing!
+            audience: "https://kya.vouched.id",
+            timestamp: now,
+            createdAt: now,
+            lastActivity: now,
+            ttlMinutes: 30,
+        };
+        return await this.proofGenerator.generateProof(canonicalRequest, canonicalResponse, sessionContext, // Only nonce, audience, sessionId
+        {
+            scopeId: eventType,
+            clientDid: event.userDid, // ✅ clientDid belongs in options, not session
+        });
+    }
+    /**
+     * Get server's actual identity (NO FALLBACK)
+     */
+    async getServerIdentity() {
+        if (!this.runtime) {
+            throw new Error("Runtime required for consent audit - cannot use fallback identity");
+        }
+        try {
+            const identity = await this.runtime.getIdentity();
+            if (!identity) {
+                throw new Error("No active identity available");
+            }
+            return identity;
+        }
+        catch (error) {
+            this.logger.error("Failed to get server identity", {
+                error: error instanceof Error ? error.message : String(error),
+            });
+            throw new Error("Server identity required for consent audit logging");
+        }
+    }
+}
+//# sourceMappingURL=consent-audit.service.js.map

package/dist/services/consent-audit.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"consent-audit.service.js","sourceRoot":"","sources":["../../src/services/consent-audit.service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH,MAAM,OAAO,mBAAmB;IASpB;IACA;IACA;IACA;IACA;IAZF,MAAM,GAAG;QACf,KAAK,EAAE,CAAC,OAAe,EAAE,IAAyB,EAAE,EAAE;YACpD,OAAO,CAAC,KAAK,CAAC,yBAAyB,OAAO,EAAE,EAAE,IAAI,CAAC,CAAC;YACxD,uCAAuC;QACzC,CAAC;KACF,CAAC;IAEF,YACU,YAA0B,EAC1B,WAAyB,EACzB,cAAwC,EACxC,MAA+B,EAC/B,OAA0B,CAAC,wBAAwB;;QAJnD,iBAAY,GAAZ,YAAY,CAAc;QAC1B,gBAAW,GAAX,WAAW,CAAc;QACzB,mBAAc,GAAd,cAAc,CAA0B;QACxC,WAAM,GAAN,MAAM,CAAyB;QAC/B,YAAO,GAAP,OAAO,CAAmB;IACjC,CAAC;IAEJ;;;OAGG;IACK,oBAAoB,CAAC,SAAiB;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,oFAAoF;QACpF,MAAM,QAAQ,GAAG,wBAAwB,CAAC;QAC1C,OAAO;YACL,SAAS;YACT,QAAQ;YACR,KAAK,EAAE,EAAE,EAAE,6CAA6C;YACxD,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,YAAY,EAAE,GAAG;YACjB,UAAU,EAAE,EAAE;SACf,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAMxB;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,uDAAuD;QACvD,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC9B,SAAS,EAAE,qBAAqB;YAChC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC;YACnD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,+BAA+B;QAC/B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAC3C,qBAAqB,EACrB,KAAK,EACL,SAAS,CACV,CAAC;QAEF,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE;YACzC,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;YAChC,YAAY,EAAE;gBACZ,SAAS,EAAE,qBAAqB;gBAChC,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAUxB;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,sBAAsB;QACtB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC9B,SAAS,EAAE,kBAAkB;YAC7B,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC;YACnD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAC3C,kBAAkB,EAClB,KAAK,EACL,SAAS,CACV,CAAC;QAEF,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE;YACzC,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;YAChC,YAAY,EAAE;gBACZ,SAAS,EAAE,kBAAkB;gBAC7B,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,aAAa,EAAE,KAAK,CAAC,aAAa;gBAClC,aAAa,EAAE,KAAK,CAAC,aAAa;aACnC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,KAO3B;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,sBAAsB;QACtB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC9B,SAAS,EAAE,6BAA6B;YACxC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC;YACnD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAC3C,6BAA6B,EAC7B,KAAK,EACL,SAAS,CACV,CAAC;QAEF,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE;YACzC,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;YAChC,YAAY,EAAE;gBACZ,SAAS,EAAE,6BAA6B;gBACxC,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,gBAAgB,EAAE,UAAU;gBAC5B,aAAa,EAAE,KAAK,CAAC,aAAa;oBAChC,CAAC,CAAC;wBACE,QAAQ,EAAE,KAAK,CAAC,aAAa;wBAC7B,UAAU,EAAE,EAAE;qBACf;oBACH,CAAC,CAAC,SAAS;aACd;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CAAC,KAQ1B;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,4BAA4B;QAC7E,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,sBAAsB;QACtB,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAC9B,SAAS,EAAE,4BAA4B;YACvC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC;YACnD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAC3C,4BAA4B,EAC5B,KAAK,EACL,SAAS,CACV,CAAC;QAEF,MAAM,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,KAAK,EAAE;YACzC,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,SAAS,EAAE;YAChC,YAAY,EAAE;gBACZ,SAAS,EAAE,4BAA4B;gBACvC,SAAS;gBACT,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACK,KAAK,CAAC,oBAAoB,CAChC,SAAiB,EACjB,KAAU,EACV,SAAiB;QAEjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAEhD,2EAA2E;QAC3E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAE7D,+CAA+C;QAC/C,2EAA2E;QAC3E,MAAM,gBAAgB,GAAG;YACvB,MAAM,EAAE,MAAM;YACd,MAAM,EAAE;gBACN,SAAS;gBACT,SAAS;gBACT,GAAG,KAAK;aACT;SACF,CAAC;QAEF,MAAM,iBAAiB,GAAG;YACxB,IAAI,EAAE;gBACJ,OAAO,EAAE,IAAI;gBACb,SAAS;gBACT,SAAS;gBACT,SAAS,EAAE,QAAQ,CAAC,GAAG;aACxB;SACF,CAAC;QAEF,yDAAyD;QACzD,gFAAgF;QAChF,0CAA0C;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,cAAc,GAAmB;YACrC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,KAAK,EAAE,4BAA4B;YACnC,QAAQ,EAAE,wBAAwB;YAClC,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;YACd,YAAY,EAAE,GAAG;YACjB,UAAU,EAAE,EAAE;SACf,CAAC;QAEF,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAC5C,gBAAgB,EAChB,iBAAiB,EACjB,cAAc,EAAE,kCAAkC;QAClD;YACE,OAAO,EAAE,SAAS;YAClB,SAAS,EAAE,KAAK,CAAC,OAAO,EAAE,8CAA8C;SACzE,CACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB;QAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAClD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAClD,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE;gBACjD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;CACF"}

package/dist/services/consent-config.service.d.ts

@@ -6,8 +6,8 @@
  *
  * Related Spec: MCP-I Phase 0 Implementation Plan, Task B.3
  */
-import type { CloudflareEnv } from '../types';
-import type { ConsentConfig } from '@kya-os/contracts/consent';
+import type { CloudflareEnv } from "../types";
+import type { ConsentConfig } from "@kya-os/contracts/consent";
 /**
  * Consent Config Service
  *

package/dist/services/consent-config.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"consent-config.service.d.ts","sourceRoot":"","sources":["../../src/services/consent-config.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAE9C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAQ/D;;;;GAIG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,GAAG,CAAgB;gBAEf,GAAG,EAAE,aAAa;IAI9B;;;;;;;;;;OAUG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IA0FjE;;;;;;OAMG;IACH,OAAO,CAAC,gBAAgB;IAkBxB;;;;OAIG;IACG,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAcxD"}
+{"version":3,"file":"consent-config.service.d.ts","sourceRoot":"","sources":["../../src/services/consent-config.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAE9C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAW/D;;;;GAIG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,GAAG,CAAgB;gBAEf,GAAG,EAAE,aAAa;IAI9B;;;;;;;;;;OAUG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IA0IjE;;;;;;OAMG;IACH,OAAO,CAAC,gBAAgB;IAkBxB;;;;OAIG;IACG,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAcxD"}

package/dist/services/consent-config.service.js

@@ -6,8 +6,8 @@
  *
  * Related Spec: MCP-I Phase 0 Implementation Plan, Task B.3
  */
-import { DEFAULT_AGENTSHIELD_URL } from '../constants';
-import { validateConsentConfig } from '@kya-os/contracts/consent';
+import { DEFAULT_AGENTSHIELD_URL } from "../constants";
+import { validateConsentConfig, } from "@kya-os/contracts/consent";
 /**
  * Default consent configuration cache TTL (5 minutes)
  */
@@ -39,22 +39,37 @@ export class ConsentConfigService {
         if (cache) {
             const cacheKey = `consent:config:${projectId}`;
             try {
-                const cached = await cache.get(cacheKey, 'json');
+                const cached = await cache.get(cacheKey, "json");
                 if (cached) {
                     // Validate cached config
                     const validation = validateConsentConfig(cached);
                     if (validation.success) {
-                        console.log('[ConsentConfig] ✅ Config retrieved from cache');
-                        return validation.data;
+                        // ✅ Merge cached config with defaults to ensure terms checkbox is always shown
+                        const cachedConfig = validation.data;
+                        const defaults = this.getDefaultConfig();
+                        const mergedConfig = {
+                            ...cachedConfig, // Start with cached config
+                            // Merge terms: ensure required is always true if terms exist (unless explicitly false)
+                            terms: cachedConfig.terms
+                                ? {
+                                    ...defaults.terms, // Start with defaults (required: true)
+                                    ...cachedConfig.terms, // Override with cached values
+                                    // ✅ CRITICAL: Always set required to true if terms exist (unless explicitly false)
+                                    required: cachedConfig.terms.required !== false ? true : false,
+                                }
+                                : defaults.terms,
+                        };
+                        console.log("[ConsentConfig] ✅ Config retrieved from cache");
+                        return mergedConfig;
                     }
                     else {
-                        console.warn('[ConsentConfig] Cached config invalid, fetching fresh:', validation.error);
+                        console.warn("[ConsentConfig] Cached config invalid, fetching fresh:", validation.error);
                         // Cache is invalid, continue to fetch fresh
                     }
                 }
             }
             catch (error) {
-                console.warn('[ConsentConfig] Cache read error, fetching fresh:', error);
+                console.warn("[ConsentConfig] Cache read error, fetching fresh:", error);
                 // Continue to fetch fresh on cache error
             }
         }
@@ -63,14 +78,13 @@ export class ConsentConfigService {
             const agentShieldUrl = this.env.AGENTSHIELD_API_URL || DEFAULT_AGENTSHIELD_URL;
             const apiKey = this.env.AGENTSHIELD_API_KEY;
             if (!apiKey) {
-                console.warn('[ConsentConfig] No API key configured, using defaults');
+                console.warn("[ConsentConfig] No API key configured, using defaults");
                 return this.getDefaultConfig();
             }
             const response = await fetch(`${agentShieldUrl}/api/v1/bouncer/projects/${projectId}/consent-config`, {
                 headers: {
-                    'X-API-Key': apiKey,
-                    'X-Project-Id': projectId,
-                    'Content-Type': 'application/json',
+                    Authorization: `Bearer ${apiKey}`,
+                    "Content-Type": "application/json",
                 },
             });
             if (response.ok) {
@@ -78,39 +92,52 @@ export class ConsentConfigService {
                 // Validate response
                 const validation = validateConsentConfig(configData);
                 if (validation.success) {
-                    const config = validation.data;
-                    // Cache for 5 minutes
+                    const apiConfig = validation.data;
+                    // ✅ Merge with defaults to ensure terms checkbox is always shown
+                    // This ensures that if API returns config without terms, we use default terms
+                    const defaults = this.getDefaultConfig();
+                    const config = {
+                        ...apiConfig, // Start with API config
+                        // Merge terms: if API provides terms but required is false/undefined, ensure required is true
+                        terms: apiConfig.terms
+                            ? {
+                                ...defaults.terms, // Start with defaults (required: true)
+                                ...apiConfig.terms, // Override with API values
+                                // ✅ CRITICAL: Always set required to true if terms exist (unless API explicitly sets to false)
+                                // This ensures checkbox always appears for delegation flows
+                                required: apiConfig.terms.required !== false ? true : false,
+                            }
+                            : defaults.terms,
+                    };
+                    // Cache merged config for 5 minutes
                     if (cache) {
                         try {
                             await cache.put(`consent:config:${projectId}`, JSON.stringify(config), { expirationTtl: CONSENT_CONFIG_CACHE_TTL });
-                            console.log('[ConsentConfig] ✅ Config fetched and cached');
+                            console.log("[ConsentConfig] ✅ Config fetched and cached");
                         }
                         catch (cacheError) {
-                            console.warn('[ConsentConfig] Cache write failed (non-fatal):', cacheError);
+                            console.warn("[ConsentConfig] Cache write failed (non-fatal):", cacheError);
                         }
                     }
                     return config;
                 }
                 else {
-                    console.warn('[ConsentConfig] API response invalid, using defaults:', validation.error);
+                    console.warn("[ConsentConfig] API response invalid, using defaults:", validation.error.errors || validation.error.message || String(validation.error));
                     // Don't cache invalid configs - return defaults instead
                     return this.getDefaultConfig();
                 }
             }
             else if (response.status === 404) {
-                console.log('[ConsentConfig] Project not found (404), using defaults. Endpoint may not exist yet on AgentShield.');
+                console.log("[ConsentConfig] Project not found, using defaults");
                 return this.getDefaultConfig();
             }
             else {
-                console.warn('[ConsentConfig] API request failed:', response.status, response.statusText, {
-                    url: `${agentShieldUrl}/api/v1/bouncer/projects/${projectId}/consent-config`,
-                    projectId,
-                });
+                console.warn("[ConsentConfig] API request failed:", response.status, response.statusText);
                 return this.getDefaultConfig();
             }
         }
         catch (error) {
-            console.warn('[ConsentConfig] Failed to fetch config, using defaults:', error);
+            console.warn("[ConsentConfig] Failed to fetch config, using defaults:", error);
             return this.getDefaultConfig();
         }
     }
@@ -124,15 +151,15 @@ export class ConsentConfigService {
     getDefaultConfig() {
         return {
             branding: {
-                primaryColor: '#2563eb',
-                theme: 'light',
+                primaryColor: "#2563eb",
+                theme: "light",
             },
             terms: {
-                text: 'By approving, you grant permission for this agent to perform actions on your behalf. You can revoke this permission at any time.',
+                text: "By approving, you grant permission for this agent to perform actions on your behalf. You can revoke this permission at any time.",
                 required: true,
             },
             ui: {
-                theme: 'light',
+                theme: "light",
                 popupEnabled: false,
                 autoClose: false,
             },
@@ -151,10 +178,10 @@ export class ConsentConfigService {
         try {
             const cacheKey = `consent:config:${projectId}`;
             await cache.delete(cacheKey);
-            console.log('[ConsentConfig] Cache invalidated for project:', projectId);
+            console.log("[ConsentConfig] Cache invalidated for project:", projectId);
         }
         catch (error) {
-            console.warn('[ConsentConfig] Failed to invalidate cache:', error);
+            console.warn("[ConsentConfig] Failed to invalidate cache:", error);
         }
     }
 }

package/dist/services/consent-config.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"consent-config.service.js","sourceRoot":"","sources":["../../src/services/consent-config.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAEvD,OAAO,EAAuB,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAEvF;;GAEG;AACH,MAAM,wBAAwB,GAAG,GAAG,CAAC,CAAC,uBAAuB;AAE7D;;;;GAIG;AACH,MAAM,OAAO,oBAAoB;IACvB,GAAG,CAAgB;IAE3B,YAAY,GAAkB;QAC5B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,gBAAgB,CAAC,SAAiB;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAE1C,oBAAoB;QACpB,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,QAAQ,GAAG,kBAAkB,SAAS,EAAE,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBACjD,IAAI,MAAM,EAAE,CAAC;oBACX,yBAAyB;oBACzB,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;oBACjD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;wBACvB,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;wBAC7D,OAAO,UAAU,CAAC,IAAI,CAAC;oBACzB,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,IAAI,CAAC,wDAAwD,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;wBACzF,4CAA4C;oBAC9C,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,mDAAmD,EAAE,KAAK,CAAC,CAAC;gBACzE,yCAAyC;YAC3C,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,mBAAmB,IAAI,uBAAuB,CAAC;YAC/E,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC;YAE5C,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;gBACtE,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjC,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,GAAG,cAAc,4BAA4B,SAAS,iBAAiB,EACvE;gBACE,OAAO,EAAE;oBACP,WAAW,EAAE,MAAM;oBACnB,cAAc,EAAE,SAAS;oBACzB,cAAc,EAAE,kBAAkB;iBACnC;aACF,CACF,CAAC;YAEF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEzC,oBAAoB;gBACpB,MAAM,UAAU,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;gBACrD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;oBACvB,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC;oBAE/B,sBAAsB;oBACtB,IAAI,KAAK,EAAE,CAAC;wBACV,IAAI,CAAC;4BACH,MAAM,KAAK,CAAC,GAAG,CACb,kBAAkB,SAAS,EAAE,EAC7B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EACtB,EAAE,aAAa,EAAE,wBAAwB,EAAE,CAC5C,CAAC;4BACF,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;wBAC7D,CAAC;wBAAC,OAAO,UAAU,EAAE,CAAC;4BACpB,OAAO,CAAC,IAAI,CAAC,iDAAiD,EAAE,UAAU,CAAC,CAAC;wBAC9E,CAAC;oBACH,CAAC;oBAED,OAAO,MAAM,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,IAAI,CAAC,uDAAuD,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;oBACxF,wDAAwD;oBACxD,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACjC,CAAC;YACH,CAAC;iBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnC,OAAO,CAAC,GAAG,CAAC,qGAAqG,CAAC,CAAC;gBACnH,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,qCAAqC,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,EAAE;oBACxF,GAAG,EAAE,GAAG,cAAc,4BAA4B,SAAS,iBAAiB;oBAC5E,SAAS;iBACV,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,yDAAyD,EAAE,KAAK,CAAC,CAAC;YAC/E,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,gBAAgB;QACtB,OAAO;YACL,QAAQ,EAAE;gBACR,YAAY,EAAE,SAAS;gBACvB,KAAK,EAAE,OAAO;aACf;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,kIAAkI;gBACxI,QAAQ,EAAE,IAAI;aACf;YACD,EAAE,EAAE;gBACF,KAAK,EAAE,OAAO;gBACd,YAAY,EAAE,KAAK;gBACnB,SAAS,EAAE,KAAK;aACjB;SACF,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,kBAAkB,SAAS,EAAE,CAAC;YAC/C,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,gDAAgD,EAAE,SAAS,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"consent-config.service.js","sourceRoot":"","sources":["../../src/services/consent-config.service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAEvD,OAAO,EAEL,qBAAqB,GACtB,MAAM,2BAA2B,CAAC;AAEnC;;GAEG;AACH,MAAM,wBAAwB,GAAG,GAAG,CAAC,CAAC,uBAAuB;AAE7D;;;;GAIG;AACH,MAAM,OAAO,oBAAoB;IACvB,GAAG,CAAgB;IAE3B,YAAY,GAAkB;QAC5B,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;IACjB,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,gBAAgB,CAAC,SAAiB;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAE1C,oBAAoB;QACpB,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,QAAQ,GAAG,kBAAkB,SAAS,EAAE,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;gBACjD,IAAI,MAAM,EAAE,CAAC;oBACX,yBAAyB;oBACzB,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;oBACjD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;wBACvB,+EAA+E;wBAC/E,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC;wBACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;wBACzC,MAAM,YAAY,GAAkB;4BAClC,GAAG,YAAY,EAAE,2BAA2B;4BAC5C,uFAAuF;4BACvF,KAAK,EAAE,YAAY,CAAC,KAAK;gCACvB,CAAC,CAAC;oCACE,GAAG,QAAQ,CAAC,KAAK,EAAE,uCAAuC;oCAC1D,GAAG,YAAY,CAAC,KAAK,EAAE,8BAA8B;oCACrD,mFAAmF;oCACnF,QAAQ,EAAE,YAAY,CAAC,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;iCAC/D;gCACH,CAAC,CAAC,QAAQ,CAAC,KAAK;yBACnB,CAAC;wBACF,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;wBAC7D,OAAO,YAAY,CAAC;oBACtB,CAAC;yBAAM,CAAC;wBACN,OAAO,CAAC,IAAI,CACV,wDAAwD,EACxD,UAAU,CAAC,KAAK,CACjB,CAAC;wBACF,4CAA4C;oBAC9C,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CACV,mDAAmD,EACnD,KAAK,CACN,CAAC;gBACF,yCAAyC;YAC3C,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC;YACH,MAAM,cAAc,GAClB,IAAI,CAAC,GAAG,CAAC,mBAAmB,IAAI,uBAAuB,CAAC;YAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC;YAE5C,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;gBACtE,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjC,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,GAAG,cAAc,4BAA4B,SAAS,iBAAiB,EACvE;gBACE,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,MAAM,EAAE;oBACjC,cAAc,EAAE,kBAAkB;iBACnC;aACF,CACF,CAAC;YAEF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEzC,oBAAoB;gBACpB,MAAM,UAAU,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;gBACrD,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;oBACvB,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC;oBAElC,iEAAiE;oBACjE,8EAA8E;oBAC9E,MAAM,QAAQ,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACzC,MAAM,MAAM,GAAkB;wBAC5B,GAAG,SAAS,EAAE,wBAAwB;wBACtC,8FAA8F;wBAC9F,KAAK,EAAE,SAAS,CAAC,KAAK;4BACpB,CAAC,CAAC;gCACE,GAAG,QAAQ,CAAC,KAAK,EAAE,uCAAuC;gCAC1D,GAAG,SAAS,CAAC,KAAK,EAAE,2BAA2B;gCAC/C,+FAA+F;gCAC/F,4DAA4D;gCAC5D,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;6BAC5D;4BACH,CAAC,CAAC,QAAQ,CAAC,KAAK;qBACnB,CAAC;oBAEF,oCAAoC;oBACpC,IAAI,KAAK,EAAE,CAAC;wBACV,IAAI,CAAC;4BACH,MAAM,KAAK,CAAC,GAAG,CACb,kBAAkB,SAAS,EAAE,EAC7B,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EACtB,EAAE,aAAa,EAAE,wBAAwB,EAAE,CAC5C,CAAC;4BACF,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;wBAC7D,CAAC;wBAAC,OAAO,UAAU,EAAE,CAAC;4BACpB,OAAO,CAAC,IAAI,CACV,iDAAiD,EACjD,UAAU,CACX,CAAC;wBACJ,CAAC;oBACH,CAAC;oBAED,OAAO,MAAM,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,IAAI,CACV,uDAAuD,EACvD,UAAU,CAAC,KAAK,CAAC,MAAM,IAAI,UAAU,CAAC,KAAK,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAChF,CAAC;oBACF,wDAAwD;oBACxD,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACjC,CAAC;YACH,CAAC;iBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnC,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;gBACjE,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CACV,qCAAqC,EACrC,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,UAAU,CACpB,CAAC;gBACF,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CACV,yDAAyD,EACzD,KAAK,CACN,CAAC;YACF,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,gBAAgB;QACtB,OAAO;YACL,QAAQ,EAAE;gBACR,YAAY,EAAE,SAAS;gBACvB,KAAK,EAAE,OAAO;aACf;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,kIAAkI;gBACxI,QAAQ,EAAE,IAAI;aACf;YACD,EAAE,EAAE;gBACF,KAAK,EAAE,OAAO;gBACd,YAAY,EAAE,KAAK;gBACnB,SAAS,EAAE,KAAK;aACjB;SACF,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,kBAAkB,SAAS,EAAE,CAAC;YAC/C,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,gDAAgD,EAAE,SAAS,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,6CAA6C,EAAE,KAAK,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;CACF"}

package/dist/services/consent-page-renderer.d.ts

@@ -102,6 +102,20 @@ export declare class ConsentPageRenderer {
      * @returns HTML string
      */
     private renderHeader;
+    /**
+     * Get provider branding information
+     *
+     * @param provider - Provider name
+     * @returns Provider branding (color and display name)
+     */
+    private getProviderBranding;
+    /**
+     * Render provider badge
+     *
+     * @param provider - Provider name
+     * @returns HTML string for provider badge
+     */
+    private renderProviderBadge;
     /**
      * Render scopes list
      *

package/dist/services/consent-page-renderer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"consent-page-renderer.d.ts","sourceRoot":"","sources":["../../src/services/consent-page-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EACV,iBAAiB,EAIjB,aAAa,EACd,MAAM,2BAA2B,CAAC;AAEnC;;;;GAIG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;OAMG;IACH,MAAM,CACJ,MAAM,EAAE,iBAAiB,GAAG;QAAE,aAAa,CAAC,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,EAC1E,aAAa,CAAC,EAAE,aAAa,GAC5B,MAAM;IAyBT;;;;;OAKG;IACH,aAAa,CAAC,MAAM,EAAE;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,MAAM;IA6B5E;;;;;;;OAOG;IACH,OAAO,CAAC,UAAU;IAYlB;;;;;OAKG;IACH,OAAO,CAAC,WAAW;IAanB;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IASrB;;;;;;;;OAQG;IACH,OAAO,CAAC,cAAc;IA0BtB;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;IAkCxB;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IASrB;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAkB3B;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IAuBpB;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IA0BpB;;;;;OAKG;IACH,OAAO,CAAC,WAAW;IAqBnB;;;;;OAKG;IACH,OAAO,CAAC,kBAAkB;IA6D1B;;;;;;OAMG;IACH,OAAO,CAAC,UAAU;IAqDlB;;;;;;OAMG;IACH,OAAO,CAAC,YAAY;CAmKrB"}
+{"version":3,"file":"consent-page-renderer.d.ts","sourceRoot":"","sources":["../../src/services/consent-page-renderer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EACV,iBAAiB,EAIjB,aAAa,EACd,MAAM,2BAA2B,CAAC;AAEnC;;;;GAIG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;OAMG;IACH,MAAM,CACJ,MAAM,EAAE,iBAAiB,GAAG;QAAE,aAAa,CAAC,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,EAC1E,aAAa,CAAC,EAAE,aAAa,GAC5B,MAAM;IAyBT;;;;;OAKG;IACH,aAAa,CAAC,MAAM,EAAE;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,MAAM;IA6B5E;;;;;;;OAOG;IACH,OAAO,CAAC,UAAU;IAYlB;;;;;OAKG;IACH,OAAO,CAAC,WAAW;IAanB;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IASrB;;;;;;;;OAQG;IACH,OAAO,CAAC,cAAc;IA0BtB;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;IAkCxB;;;;;OAKG;IACH,OAAO,CAAC,aAAa;IASrB;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAkB3B;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IA6BpB;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAuB3B;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAa3B;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IA0BpB;;;;;OAKG;IACH,OAAO,CAAC,WAAW;IAqBnB;;;;;OAKG;IACH,OAAO,CAAC,kBAAkB;IA6D1B;;;;;;OAMG;IACH,OAAO,CAAC,UAAU;IAqDlB;;;;;;OAMG;IACH,OAAO,CAAC,YAAY;CAoJrB"}

package/dist/services/consent-page-renderer.js

@@ -259,14 +259,56 @@ export class ConsentPageRenderer {
             ? `<p class="text-sm text-gray-600 mb-2">${branding.companyName}</p>`
             : "";
         const primaryColor = branding?.primaryColor || "#2563eb";
+        // Phase 2: Render provider badge if provider is specified
+        const providerBadge = config.provider
+            ? this.renderProviderBadge(config.provider)
+            : "";
         return `
     <div class="text-center mb-6">
       ${logoHtml}
       ${companyName}
+      ${providerBadge}
       <h1 class="text-2xl font-bold mb-2" style="color: ${primaryColor};">Authorize ${config.tool}</h1>
       <p class="text-gray-600">${config.toolDescription}</p>
     </div>`;
     }
+    /**
+     * Get provider branding information
+     *
+     * @param provider - Provider name
+     * @returns Provider branding (color and display name)
+     */
+    getProviderBranding(provider) {
+        const branding = {
+            github: { color: "#24292e", name: "GitHub" },
+            google: { color: "#4285f4", name: "Google" },
+            microsoft: { color: "#0078d4", name: "Microsoft" },
+            slack: { color: "#4a154b", name: "Slack" },
+            auth0: { color: "#eb5424", name: "Auth0" },
+            okta: { color: "#007dc1", name: "Okta" },
+        };
+        return (branding[provider.toLowerCase()] || {
+            color: "#666",
+            name: provider.charAt(0).toUpperCase() + provider.slice(1),
+        });
+    }
+    /**
+     * Render provider badge
+     *
+     * @param provider - Provider name
+     * @returns HTML string for provider badge
+     */
+    renderProviderBadge(provider) {
+        const branding = this.getProviderBranding(provider);
+        const providerNameEscaped = this.escapeHtml(branding.name);
+        const providerColorEscaped = this.escapeHtml(branding.color);
+        return `
+    <div class="mb-3">
+      <span class="inline-block px-3 py-1 rounded-full text-xs font-semibold text-white" style="background-color: ${providerColorEscaped};">
+        ${providerNameEscaped}
+      </span>
+    </div>`;
+    }
     /**
      * Render scopes list
      *
@@ -412,11 +454,11 @@ export class ConsentPageRenderer {
       <input type="hidden" name="session_id" value="${sessionId}" />
       <input type="hidden" name="project_id" value="${projectId}" />
       
-      ${config.terms && (config.terms.text || config.terms.url)
+      ${config.terms?.required
             ? `
       <div class="mb-4">
         <label class="flex items-start">
-          <input type="checkbox" name="termsAccepted" ${config.terms.required ? "required" : ""} class="mr-2 mt-1" />
+          <input type="checkbox" name="termsAccepted" required class="mr-2 mt-1" />
           <span class="text-sm text-gray-700">I accept the terms and conditions</span>
         </label>
       </div>
@@ -451,21 +493,15 @@ export class ConsentPageRenderer {
         return `
 <script>
 (function() {
-  // Wait for DOM to be ready
-  function init() {
-    const form = document.getElementById('consent-form');
-    if (!form) {
-      console.error('Consent form not found');
-      return;
-    }
-    
-    const serverUrl = ${serverUrlJs};
-    const oauthRequired = ${oauthRequiredJs};
-    const oauthUrl = ${oauthUrlJs};
-    
-    form.addEventListener('submit', async function(e) {
-      e.preventDefault();
-      e.stopPropagation();
+  const form = document.getElementById('consent-form');
+  if (!form) return;
+  
+  const serverUrl = ${serverUrlJs};
+  const oauthRequired = ${oauthRequiredJs};
+  const oauthUrl = ${oauthUrlJs};
+  
+  form.addEventListener('submit', async function(e) {
+    e.preventDefault();
     
     // Check if OAuth is required before submitting
     if (oauthRequired && oauthUrl) {
@@ -520,8 +556,7 @@ export class ConsentPageRenderer {
       project_id: formData.get('project_id'),
       termsAccepted: formData.get('termsAccepted') === 'on',
       customFields: {},
-      // Include oauth_identity (may be null if not available)
-      oauth_identity: extractedOAuthIdentity,
+      oauth_identity: extractedOAuthIdentity
     };
     
     // Collect custom fields
@@ -587,14 +622,6 @@ export class ConsentPageRenderer {
       alert('Error submitting authorization: ' + (error instanceof Error ? error.message : String(error)));
     }
   });
-  }
-  
-  // Initialize when DOM is ready
-  if (document.readyState === 'loading') {
-    document.addEventListener('DOMContentLoaded', init);
-  } else {
-    init();
-  }
 })();
 </script>`;
     }